Signing your git contributions/emails/etc…. with personal SSL certificates [macOSX oriented]

This is a simple checklist on how to request a personal SSL certificate, which will allow you to sign your git contributions or your emails. The procedure is described for the macOSX platform, but can easily be adapted to other platforms.

First of all, you need a personal SSL certificate.

If you have an Inria email address, the process is described at: https://doc-si.inria.fr/display/SU/Certificat+personnel.
P.S.: if you are confident, you can just go to
https://cert-manager.com/customer/renater/idp/clientgeant and follow your instinct.

At the end of the process, you should get a .p12 certificate file that you can import into the Keychain Access application.
At this stage, you are already able to sign your emails (sent with your Inria email address) using the native macOSX Mail application.

If you want to use the certificate on another platform (e.g. iOS) or sign your git contributions, you need to export this certificate from your keychain.

Some information is available at:
https://doc-si.inria.fr/display/SU/Certificat+personnel#expand-Transmettreausquestre

The sequence is:

  • launch the Keychain Access application
  • select My Certificates in the login keychain
  • in the right-hand box, you should see your name and a GEANT Key entry
  • select this key, and export it in PKCS12 format (.p12 extension)

To use the certificate with git (and then sign your contributions):

  • install gnupg
$ brew install gnupg
  • import the certificate in the gnupg keyring and get your certificate id
$ gpgsm --import my_certificate.p12
$ gpgsm --list-keys
/Users/jls/.gnupg/pubring.kbx
-----------------------------
ID: 0xC5XXXXE1
S/N: 0BC5F5F3977F3D9110FFF9A202C171CA
(dec): 15649364980291279562127593873841680842
Issuer: /CN=GEANT Personal CA 4/O=GEANT Vereniging/C=NL
Subject: /CN=Jean-Luc SZPYRKA/O=INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE/STREET=LA PLAINE DE VOLUCEAU/ST=Île-de-France/C=FR
aka: Jean-Luc.Szpyrka@inria.fr
validity: 2022-07-01 00:00:00 through 2025-06-30 23:59:59
etc…
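
Added example (not part of the original post): once the certificate is in the gpgsm keyring, git still has to be told to sign with X.509 and which certificate ID to use. The script below picks the ID of a currently valid certificate for a given email out of a gpgsm --list-keys listing and sets the matching git options; the function names, the sample listing and its IDs are constructed, and it assumes gpgsm prints the aka: field on its own line.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print the ID of the first certificate in a `gpgsm --list-keys` listing (stdin)
# whose "aka:" email equals $1 and whose validity window contains date $2
# (YYYY-MM-DD). Prints nothing if no certificate qualifies, e.g. all expired.
pick_signing_id() {
  awk -v email="$1" -v today="$2" '
    $1 == "ID:"       { id = $2; mail_ok = 0 }        # a new certificate starts
    $1 == "aka:"      { if (tolower($2) == tolower(email)) mail_ok = 1 }
    $1 == "validity:" {                               # <from> <time> through <to> <time>
      if (mail_ok && ($2 "") <= (today "") && ($5 "") >= (today "")) { print id; exit }
    }'
}

# Tell git (current repository only) to sign commits with that certificate.
configure_git_x509() {
  git config gpg.format x509          # X.509 signatures instead of OpenPGP
  git config gpg.x509.program gpgsm   # program git calls for x509 signing
  git config user.signingkey "$1"     # certificate ID from the listing
  git config commit.gpgsign true      # sign every commit without needing -S
}

# Constructed sample listing: an expired certificate followed by its renewal.
sample_listing() {
  cat <<'EOF'
           ID: 0xAAAA1111
       Issuer: /CN=Example Personal CA/O=Example/C=NL
      Subject: /CN=Alice Example/O=Example Org/C=FR
          aka: alice@example.org
     validity: 2019-07-01 00:00:00 through 2022-06-30 23:59:59
           ID: 0xBBBB2222
       Issuer: /CN=Example Personal CA/O=Example/C=NL
      Subject: /CN=Alice Example/O=Example Org/C=FR
          aka: alice@example.org
     validity: 2022-07-01 00:00:00 through 2025-06-30 23:59:59
EOF
}

# Real use, inside a repository:
#   id=$(gpgsm --list-keys | pick_signing_id "$(git config user.email)" "$(date +%Y-%m-%d)")
#   [ -n "$id" ] && configure_git_x509 "$id" && git commit -m "signed commit"
#   git log --show-signature -1
```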

That’s all folks !
